Re: enforcing strong passwords with PAM
Hi, not exactly a ansewr but more extreme option here:
On Sat, Jan 19, 2002 at 01:44:50AM +0100, martin f krafft wrote:
> hi,
>
> libpam-cracklib is a nice addition, but how can i use PAM to enforce at
> least one symbol, one digit, and one "other"-case character (if p/w is
> all uppercase, enforce one lower case, and vice versa)?
I disable password for console access completely. If I can have console
acccess, I can always login with boot: init=/bin/sh trick :)
My /etc/pam.d/login contains following modification:
...
# Standard Un*x authentication. The "nullok" line allows passwordless
# accounts.
#auth required pam_unix.so nullok
auth required pam_permit.so
# This allows certain extra groups to be granted to a user
# based on things like time of day, tty, service, and user.
# Please uncomment and edit /etc/security/group.conf if you
...
If you read this file, it is quite simple to chenge password length
change. But why have password :-)
(This will still have password for network login. But there are serious
security issues if you do this. )
Osamu
--
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~
+ Osamu Aoki <debian@aokiconsulting.com>, GnuPG-key: 1024D/D5DE453D +
+ My debian quick-reference, http://qref.sourceforge.net/quick/ +
Reply to: